CVE-2018-25131
Stored XSS in Leica Geosystems GNSS Configuration Upload

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file that executes arbitrary JavaScript in a user's browser session when viewed.
Meta Information
Published: 2025-12-24
Last Modified: 2025-12-24
Generated: 2026-06-16
AI Q&A: 2025-12-24
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor | Product | Version / Range
leica_geosystems | gr30 | 4.30.063
leica_geosystems | gr10 | 4.30.063
leica_geosystems | gr50 | 4.30.063
leica_geosystems | gr25 | 4.30.063
CWE ID | Description
CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

This vulnerability is a stored cross-site scripting (XSS) issue in Leica Geosystems GR10/GR25/GR30/GR50 GNSS software version 4.30.063 and earlier. It occurs because the software allows unrestricted upload of configuration files, including malicious HTML or JavaScript files. These malicious files are stored on the device and, when accessed, execute arbitrary JavaScript in the user's browser session, potentially compromising the user's interaction with the device's web interface. [2, 3]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary JavaScript code in the context of a user's browser session when they access the affected device's web interface. This can lead to theft of sensitive information such as cookies, session tokens, or other data accessible via the browser, potentially enabling further attacks like session hijacking or unauthorized actions on the device. [2, 3]

Detection Guidance

This vulnerability can be detected by checking for the presence of malicious HTML or JavaScript files uploaded to the device, specifically in the /settings/poc.html path. Detection involves monitoring HTTP POST requests to the /upload_config/ endpoint for suspicious multipart/form-data uploads containing HTML or JavaScript code. A practical approach is to capture and analyze network traffic for such POST requests. For example, using curl to simulate or detect uploads: curl -v -F '[email protected]' http://<device-ip>/upload_config/ or using network monitoring tools to inspect traffic to /upload_config/. Additionally, inspecting the /settings/poc.html file on the device for unexpected content can help identify exploitation. [2, 3]
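
The traffic check described above, as an added example (not code from the advisory or from Leica Geosystems): it parses one captured POST to /upload_config/ and flags multipart parts that carry HTML or script content. The form field name "file", the file names and the request bodies are constructed for illustration.

```python
import re
from email import message_from_bytes

UPLOAD_PATH = "/upload_config/"   # endpoint named in the detection guidance
ACTIVE_EXT = (".html", ".htm", ".xhtml", ".svg", ".js")
# Markup a browser would render or execute if the stored file is later viewed.
ACTIVE_MARKUP = re.compile(
    rb"<\s*(script|iframe|svg|html|body|img|object|embed)\b|javascript:", re.I)

def inspect_upload(method, path, content_type, body):
    """Return a list of findings for one captured HTTP request."""
    if method.upper() != "POST" or not path.startswith(UPLOAD_PATH):
        return []
    if not content_type.lower().startswith("multipart/form-data"):
        return []
    # Re-attach the Content-Type header so the MIME parser can split the parts.
    # If the boundary is missing, the whole body is scanned as a single part.
    msg = message_from_bytes(
        b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(ACTIVE_EXT):
            findings.append(f"active-content filename: {name}")
        if ACTIVE_MARKUP.search(data):
            findings.append(f"script/HTML markup in part: {name or '(no filename)'}")
    return findings

def sample_body(filename, content, boundary="BOUNDARY"):
    # Constructed sample request body; the field name "file" is an assumption.
    return (f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
            f'filename="{filename}"\r\n\r\n{content}\r\n--{boundary}--\r\n').encode()

CT = "multipart/form-data; boundary=BOUNDARY"
SUSPICIOUS = sample_body("poc.html", "<html><script>console.log(1)</script></html>")
BENIGN = sample_body("station.cfg", "station_name=TEST01\nport=2101")

if __name__ == "__main__":
    for label, body in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, inspect_upload("POST", UPLOAD_PATH, CT, body))
```

The same function can be fed requests reassembled from a packet capture or a reverse-proxy log that records request bodies.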

Mitigation Strategies

Immediate mitigation steps include restricting or disabling the configuration file upload functionality to prevent uploading malicious files. Ensure that only trusted users have access to the upload feature. Monitor and remove any suspicious files found in the /settings/poc.html path. Applying firmware updates or patches from Leica Geosystems, if available, is recommended. If no patch is available, consider isolating the device from untrusted networks to reduce exposure. [2, 3]
